CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1291 – SourceCodester Sales Tracker Management System manage_client.php sql injection
https://notcve.org/view.php?id=CVE-2023-1291
A vulnerability, which was classified as critical, was found in SourceCodester Sales Tracker Management System 1.0. This affects an unknown part of the file admin/clients/manage_client.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Mart1nD0t/vul-test/blob/main/sts-2.md https://vuldb.com/?ctiid.222645 https://vuldb.com/?id.222645 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1290 – SourceCodester Sales Tracker Management System view_client.php sql injection
https://notcve.org/view.php?id=CVE-2023-1290
A vulnerability, which was classified as critical, has been found in SourceCodester Sales Tracker Management System 1.0. Affected by this issue is some unknown functionality of the file admin/clients/view_client.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Mart1nD0t/vul-test/blob/main/sts-1.md https://vuldb.com/?ctiid.222644 https://vuldb.com/?id.222644 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0999 – SourceCodester Sales Tracker Management System cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-0999
A vulnerability classified as problematic was found in SourceCodester Sales Tracker Management System 1.0. This vulnerability affects unknown code of the file admin/?page=user/list. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. • https://github.com/1MurasaKi/STMS_CSRF/blob/main/README.md https://vuldb.com/?ctiid.221734 https://vuldb.com/?id.221734 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0986 – SourceCodester Sales Tracker Management System Edit User sql injection
https://notcve.org/view.php?id=CVE-2023-0986
A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. This affects an unknown part of the file admin/?page=user/manage_user of the component Edit User. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. • https://vuldb.com/?ctiid.221679 https://vuldb.com/?id.221679 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0964 – SourceCodester Sales Tracker Management System view_product.php sql injection
https://notcve.org/view.php?id=CVE-2023-0964
A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Affected is an unknown function of the file admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. • https://vuldb.com/?ctiid.221634 https://vuldb.com/?id.221634 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •